Black Friday: Big Shopping Day, Bigger Cyber Threat

The Thanksgiving holiday is finally upon us and experts are estimating that this year’s online spending will continue to increase compared to previous years. Billions of dollars will be spent and millions of transactions will take place this year on Black Friday and Cyber Monday, and this is exactly what cyber criminals are counting on.

In addition to Cyber Monday, Black Friday has become a perfect target for cyber-attacks with many brands starting their online and in-store sales earlier in the week. In recent years, retailers have played to consumers need for instant gratification by leaking Black Friday and Cyber Monday deals as early as September. Cyber criminals have followed suit launching malware attacks in the weeks and days leading up to Black Friday.

Although cyber-attacks have become increasingly more sophisticated, malware attacks around the holidays are sophisticated, but more importantly play into the psychological effects of people’s emotions. Simply put, cyber criminals know that consumers have FOMO (fear of missing out) when it comes to holiday deals, and create spoofed emails from leading brands promoting sales and discounts. Hundreds of top consumer brands are the targets of these fake emails and domains including Amazon, Target and more. If a consumer gets an email from a fake account and clicks on the link in the email, the hacker can gain access to the consumers personal information or launch a malware attack onto the computer.

How does this effect your company? According to Finder.com, almost 75% of all Americans are planning to shop on Black Friday and Cyber Monday, and the majority will be doing so at their place of work. Even without making a transaction your employees may be at risk, by simply checking their emails. The majority of hacked emails are sent out leading up to the holiday, to capitalize on people’s emotions and excitement over getting a great a deal.

How can you spot a scam?

1. Double and triple check the sender’s email address on all emails. If you don’t recognize the email address, don’t open it.
2. Go directly to websites, by entering the full website address rather than doing a Google search.  A fake domain can show up on Google searches and be as simple as Amazn[.]com.
3. Never open an email with an attachment from a company or person that you do not know. Attachments can include malware and Trojan viruses.
4. If the email is designed to make you panic, think twice!  Scammers play on emotions of urgency.

To find out more about Impact’s cybersecurity and managed IT offerings, get in touch with a local Impact representative. Or, download our eBook, What Makes a Good Cybersecurity Defense for a Modern SMB?